Senior Manager, Government Compliance

Senior Manager, Government Compliance

Remote – United States

The Opportunity: 

Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Our mission is to empower educators and institutions with meaningful innovation that’s simple and intelligent, inspiring student success and institutional growth.

The Power of Together is built on having a diverse and inclusive workforce. We are committed to making diversity, inclusion, and belonging a foundational part of our hiring practices and who we are as a company.

For more information about Anthology and our career opportunities, please visit www.anthology.com. 

The role is a leadership role within our Governance, Risk and Compliance team that will supervise professional-level employees and/or support employees. The primary function of this role will be to manage the maintenance and expansion of Anthology’s Federal and State compliance programs. In addition to helping build Anthology’s State/FedRAMP portfolios, you will also be actively involved in the emerging DISA compliance-related (e.g., RMF, CMMC, DISA IL-4, etc.) workstreams. This role is a non-supervisory hands-on position that requires someone with prior FedRAMP and/or U.S. Government compliance experience.

Primary responsibilities will include:

• Ensuring policies, practices, and procedures are understood and followed by direct reports, customers, and stakeholders
• Responsible for State and Federal regulatory compliance (TX-, State-, FedRAMP, IL-4, CMMC) – Government Compliance – in consultation with the CISO, as well as Finance, Sales, and Legal teams
• Providing subject matter expertise for FedRAMP and NIST 800-53 compliance standards and regulations
• Owning management and execution of the external audit calendar in consultation with business processes and agency/state sponsors
• Leading the completion of corrective and preventive actions for findings of Government Compliance audits and oversight of the Plan of Action and Milestones (POA&M) reporting process
• Ensuring that systems vulnerability and penetration tests are executed per the State/Federal/Agency standards and results are clearly communicated to appropriate operational teams. Working with operational teams to re-assess remediated systems
• Ensuring that continuous monitoring reporting is conducted, and the results made available to the applicable audience (FedRAMP, StateRAMP)
• Ensuring annual reviews and updates of System Security Plans are conducted and enforcing the document control management process
• Management of the Vendor Risk Assessment program, in alignment with Legal, Privacy and Procurement teams
• Ensuring Vendor Risk Assessments are conducted quickly, and results reported clearly to stakeholders, along with next steps, if applicable
• Owning the review and improvement of Vendor Risk Management processes
• Assisting in the identification of business process improvements and partnering with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing
• Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of Government Compliance readiness and audit execution
• Assisting with forecasting, planning, and risk assessment relevant to expanding Government Compliance program in alignment with the company’s technology and sales strategies
• Maintaining and applying current industry knowledge and best practices. Researching and recommending use of new technologies
• Project management including analysis of business requirements, creating, and updating project plans, and tracking projects to successful completion
• Managing personnel including mentoring and cross-training of team members to achieve business objectives
• Developing metrics and dashboards for reporting on Regulatory Compliance programs

The Candidate:

Required skills/qualifications:

• US Citizen
• Effective organization, follow-up, and time management skills
• 8-12 years of hands-on experience in IT audit and/or compliance
• Strong documentation and communication skills
• A recent hands-on concentration of work with the FedRAMP Framework (audit and compliance experience)
• Strong background with NIST Risk Management Framework (SP 800-53) and a broad range of skills in the fields of NIST publications, FedRAMP requirements
• Experience with control assessments and coordination of audit activities
• Experience managing and achieving authorizations under FedRAMP program
• Understanding of software development lifecycle methodologies, cloud and server infrastructure, LAN/WAN networking, VPN, and wireless networking infrastructures
• Experiencing managing security staff, collaboration and relationship building with global teams
• Ability to work both independently and within a global team environment
• Ability to develop and foster strong relationships with technology and business stakeholders
• Strong writing ability with a focus on communication of technical topics
• Fluency in written and spoken English

Preferred skills/qualifications:

• Previous experience leading a Cloud Service Provider through a FedRAMP, StateRAMP, or IL-4 ATO process
• Previous experience at a SaaS company in a similar role
• Previous experience gaining an ATO or P-ATO for a cloud implementation
• Exposure to ISO27001, PCI, HIPAA/HITRUST, SOC 2
• Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor)
• Bachelor's Degree in Information Technology, Business, or related vocations

Pay range is $143,400 - $160,100/year depending upon experience. We use national and industry-specific survey data to assist in determining compensation. Additionally, we consider factors such as external market rate, budget for the role, and the compensation rates of current employees performing the same function. Some roles will have variable pay.

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.

Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.

#LI-Remote #LI-JO1